←back to thread

FIDO Alliance publishes new spec to let users move passkeys across providers

(fidoalliance.org)

225 points Terretta | 2 comments | 15 Oct 24 12:18 UTC | HN request time: 0s | source

Show context

rkagerer ◴[16 Oct 24 06:25 UTC] No.41856151[source]▶

>>41847787 (OP) #

Does this include a way for a technically-savvy user to 'repatriate' their passkeys into their own infrastructure? (i.e. If I want to be my own provider)

replies(5): >>41856235 #>>41856260 #>>41856382 #>>41856674 #>>41864441 #

HeatrayEnjoyer ◴[16 Oct 24 07:12 UTC] No.41856382[source]▶

There shouldn't be. Secure enclaves aren't secure if they can be copied

replies(7): >>41856651 #>>41863070 #>>41863950 #>>41864073 #>>41867442 #>>41867586 #>>41871611 #

1. noirscape ◴[17 Oct 24 08:10 UTC] No.41867442[source]▶

In that case, the keys would be a non-starter. The overwhelming majority of tech requests relate to people forgetting their passwords and getting in trouble because the browser's password manager forgot the password itself.

The reality is that the biggest pushers of Passkeys are the providers with the least amount of infrastructure stability. If you want people to get to use Passkeys, providing an exit tool from Google and Apple is a must, because both providers are godawful at not accidentally mushing up your data. That's not so important if all you're using their infrastructure for is a periodic backup/use it to transfer photos to your PC, but it's a problem for anything that has to be stored long-term.

replies(1): >>41878714 #

2. HeatrayEnjoyer ◴[18 Oct 24 12:19 UTC] No.41878714[source]▶

>>41867442 (TP) #

Any exit tool just becomes the latest focus of phishers and credential stealing malware.